Simplifying the Check Point API with the Python SDK

The full power of interacting with APIs is revealed when they are used together with program code, when it becomes possible to generate API requests dynamically and to build tools for analyzing API responses. However, the Python Software Development Kit (hereinafter the Python SDK) for the Check Point Management API still goes unnoticed, and undeservedly so. It makes life considerably easier for developers and automation enthusiasts. Python has gained enormous popularity recently, and I decided to fill the gap and review the main features of the Check Point API Python Development Kit. This article is a good companion to another article on Habr, "Check Point R80.10 API. Management via CLI, scripts and more". We will look at how to write scripts using the Python SDK and take a closer look at the new Management API functionality in version 1.6 (supported starting from R80.40). To follow the article, you will need basic knowledge of working with APIs and Python.

Check Point actively develops its APIs, and at the moment the following have been released:

The Python SDK currently supports interaction only with the Management API and the Gaia API. We will look at the most important classes, methods and variables in this module.

Installing the module

The cpapi module installs quickly and easily from the official Check Point repository on GitHub using pip. Detailed installation instructions are available in README.md. The module is adapted to work with Python versions 2.7 and 3.7. In this article, the examples use Python 3.7. However, the Python SDK can also be run directly on the Check Point Management Server (Smart Management), which supports only Python 2.7, so the last section gives code for version 2.7. Right after installing the module, I recommend looking at the examples in the examples_python2 and examples_python3 directories.

Getting started

To work with the components of the cpapi module, we need to import at least two required classes from it:

APIClient and APIClientArgs

from cpapi import APIClient, APIClientArgs

The APIClientArgs class is responsible for the connection parameters to the API server, and the APIClient class is responsible for interaction with the API.

Defining connection parameters

To define the parameters for connecting to the API, you need to create an instance of the APIClientArgs class. In principle, its parameters are predefined, and when the script runs on the management server they do not need to be specified.

client_args = APIClientArgs()

But when running on a third-party host, you need to specify at least the IP address or host name of the API server (also known as the management server). In the example below, we define the server connection parameter and assign it the IP address of the management server as a string.

client_args = APIClientArgs(server='192.168.47.241')

Let's look at all the parameters, and their default values, that can be used when connecting to the API server:

Arguments of the __init__ method of the APIClientArgs class

class APIClientArgs:
    """
    This class provides arguments for APIClient configuration.
    All the arguments are configured with their default values.
    """

    # port is set to None by default, but it gets replaced with 443 if not specified
    # context possible values - web_api (default) or gaia_api
    def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
                 api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
                 api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
        self.port = port
        # management server fingerprint
        self.fingerprint = fingerprint
        # session-id.
        self.sid = sid
        # management server name or IP-address
        self.server = server
        # debug level
        self.http_debug_level = http_debug_level
        # an array with all the api calls (for debug purposes)
        self.api_calls = api_calls if api_calls else []
        # name of debug file. If left empty, debug data will not be saved to disk.
        self.debug_file = debug_file
        # HTTP proxy server address (without "http://")
        self.proxy_host = proxy_host
        # HTTP proxy port
        self.proxy_port = proxy_port
        # Management server's API version
        self.api_version = api_version
        # Indicates that the client should not check the server's certificate
        self.unsafe = unsafe
        # Indicates that the client should automatically accept and save the server's certificate
        self.unsafe_auto_accept = unsafe_auto_accept
        # The context of using the client - defaults to web_api
        self.context = context

I believe that the arguments that can be used in instances of the APIClientArgs class are intuitive for Check Point administrators and need no additional comment.

Connecting via APIClient and the context manager

The APIClient class is easiest to use through a context manager. All that needs to be passed to an instance of the APIClient class is the connection parameters defined in the previous step.

with APIClient(client_args) as client:

The context manager does not automatically make a login call to the API server, but it does make a logout call when it exits. If for some reason a logout is not required after you finish working with API calls, start working without the context manager:

client = APIClient(client_args)

Checking the connection

The easiest way to check whether the connection meets the specified parameters is the check_fingerprint method. If verification of the sha1 hash sum of the API server certificate fingerprint fails (the method returned False), this is usually caused by connection problems, and we can stop the program (or give the user a chance to correct the connection data):

    if client.check_fingerprint() is False:
        print("Could not get the server's fingerprint - Check connectivity with the server.")
        exit(1)

Please note that from then on the APIClient class checks the sha1 fingerprint of the API server certificate on every API call (the api_call and api_query methods, which we will discuss a little later). If an error is detected when the sha1 fingerprint of the API server certificate is checked (the certificate is unknown or has been changed), the check_fingerprint method offers the opportunity to add or change the information about it on the local machine. This check can be disabled completely (but this can be recommended only if the scripts run on the API server itself, when connecting to 127.0.0.1) using the APIClientArgs argument unsafe_auto_accept (see more about APIClientArgs earlier in "Defining connection parameters").

client_args = APIClientArgs(unsafe_auto_accept=True)

Logging in to the API server

APIClient has as many as 3 methods for logging in to the API server, and each of them stores the sid (session-id) value, which is then used automatically in the header of every subsequent API call (the name of this parameter in the header is X-chkp-sid), so there is no need to handle this parameter yourself.

login method

The option that uses a login and password (in the example, the username admin and the password 1q2w3e are passed as positional arguments):

     login = client.login('admin', '1q2w3e')  

Additional optional parameters are also available in the login method; here are their names and default values:

continue_last_session=False, domain=None, read_only=False, payload=None

login_with_api_key method

The option that uses an API key (supported starting from management version R80.40 / Management API v1.6; "3TsbPJ8ZKjaJGvFyoFqHFA==" is the API key value for one of the users on the management server with the API key authentication method):

     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 

The login_with_api_key method has the same optional parameters as the login method.

login_as_root method

The option for logging in on the local machine that runs the API server:

     login = client.login_as_root()

Only two optional parameters are available for this method:

domain=None, payload=None

And finally, the API calls themselves

We have two options for making API calls: the api_call and api_query methods. Let's see what the difference between them is.

api_call

This method is applicable to any call. We need to pass the last part of the API call and, if necessary, the payload for the request body. If the payload is empty, it can be omitted altogether:

api_versions = client.api_call('show-api-versions') 

The output of this request is shown below:

In [23]: api_versions                                                           
Out[23]: 
APIResponse({
    "data": {
        "current-version": "1.6",
        "supported-versions": [
            "1",
            "1.1",
            "1.2",
            "1.3",
            "1.4",
            "1.5",
            "1.6"
        ]
    },
    "res_obj": {
        "data": {
            "current-version": "1.6",
            "supported-versions": [
                "1",
                "1.1",
                "1.2",
                "1.3",
                "1.4",
                "1.5",
                "1.6"
            ]
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})

The output of this request is shown below:

In [25]: show_host                                                              
Out[25]: 
APIResponse({
    "data": {
        "color": "black",
        "comments": "",
        "domain": {
            "domain-type": "domain",
            "name": "SMC User",
            "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
        },
        "groups": [],
        "icon": "Objects/host",
        "interfaces": [],
        "ipv4-address": "8.8.8.8",
        "meta-info": {
            "creation-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "creator": "admin",
            "last-modifier": "admin",
            "last-modify-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "lock": "unlocked",
            "validation-state": "ok"
        },
        "name": "h_8.8.8.8",
        "nat-settings": {
            "auto-rule": false
        },
        "read-only": false,
        "tags": [],
        "type": "host",
        "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
    },
    "res_obj": {
        "data": {
            "color": "black",
            "comments": "",
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "groups": [],
            "icon": "Objects/host",
            "interfaces": [],
            "ipv4-address": "8.8.8.8",
            "meta-info": {
                "creation-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "creator": "admin",
                "last-modifier": "admin",
                "last-modify-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "lock": "unlocked",
                "validation-state": "ok"
            },
            "name": "h_8.8.8.8",
            "nat-settings": {
                "auto-rule": false
            },
            "read-only": false,
            "tags": [],
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

api_query

Let me say right away that this method is applicable only to calls whose output involves an offset. Such output occurs when the response contains, or may contain, a large amount of information. For example, this could be a request for the list of all host objects created on the management server. For such requests, the API returns a list of 50 objects by default (you can increase the limit to 500 objects per response). So that you do not have to pull the information several times, changing the offset parameter in the API request each time, there is the api_query method, which does this work automatically. Examples of calls where this method is needed: show-sessions, show-hosts, show-networks, show-wildcards, show-groups, show-address-ranges, show-simple-gateways, show-simple-clusters, show-access-roles, show-trusted-clients, show-packages. In fact, the names of these API calls contain plural words, so these calls are easier to handle through api_query.

show_hosts = client.api_query('show-hosts') 

The output of this request is shown below:

In [21]: show_hosts                                                             
Out[21]: 
APIResponse({
    "data": [
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "192.168.47.1",
            "name": "h_192.168.47.1",
            "type": "host",
            "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
        },
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "8.8.8.8",
            "name": "h_8.8.8.8",
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        }
    ],
    "res_obj": {
        "data": {
            "from": 1,
            "objects": [
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "192.168.47.1",
                    "name": "h_192.168.47.1",
                    "type": "host",
                    "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
                },
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "8.8.8.8",
                    "name": "h_8.8.8.8",
                    "type": "host",
                    "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
                }
            ],
            "to": 2,
            "total": 2
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})
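What api_query automates, written out as an added example (not code from the cpapi module or from the original article): a loop that advances offset until the to value reaches total. The call argument and the in-memory make_fake_server stand-in are assumptions made for illustration; the response keys follow the res_obj output above.

```python
def query_all(call, command, limit=50):
    """Collect every object returned by a paged show-* command.

    `call(command, payload)` is a hypothetical callable that returns the
    decoded response body: a dict with "objects", "from", "to" and "total".
    """
    if not 1 <= limit <= 500:
        raise ValueError("limit must be between 1 and 500")
    collected = []
    offset = 0
    while True:
        page = call(command, {"limit": limit, "offset": offset})
        objects = page.get("objects", [])
        collected.extend(objects)
        # An empty page or "to" reaching "total" ends the walk; the first
        # condition also stops the loop if objects were deleted meanwhile.
        if not objects or page.get("to", 0) >= page.get("total", 0):
            return collected
        offset = page["to"]


def make_fake_server(names):
    """Constructed stand-in for the management server, for offline runs."""
    calls = []

    def call(command, payload):
        calls.append((command, payload["offset"]))
        start = payload["offset"]
        chunk = names[start:start + payload["limit"]]
        body = {"objects": [{"name": n, "type": "host"} for n in chunk],
                "total": len(names)}
        if chunk:
            body["from"] = start + 1
            body["to"] = start + len(chunk)
        return body

    return call, calls


if __name__ == "__main__":
    # 120 constructed host names: three pages at the default limit of 50
    call, calls = make_fake_server(["h_10.0.0.%d" % i for i in range(1, 121)])
    hosts = query_all(call, "show-hosts")
    print(len(hosts), "objects in", len(calls), "requests")
```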

Processing the results of API calls

After this you can use the variables and methods of the APIResponse class (both inside the context manager and outside it). The APIResponse class has 4 methods and 5 variables predefined; we will look at the most important ones in more detail.

success

To begin with, it is a good idea to make sure that the API call succeeded and returned a result. There is success for this:

In [49]: api_versions.success                                                   
Out[49]: True

Returns True if the API call was successful (response code 200) and False if it was not (any other response code). It is convenient to use right after an API call to display different information depending on the response code.

if api_versions.success: 
    print(api_versions.data) 
else: 
    print(api_versions.error_message) 

status_code

Returns the response code after the API call has been made.

In [62]: api_versions.status_code                                               
Out[62]: 400

Possible response codes: 200, 400, 401, 403, 404, 409, 500, 501.

set_success_status

In this case, it may be necessary to change the value of the success status. Technically, you can put anything there, even an ordinary string. But a realistic example is resetting this parameter to False under certain accompanying conditions. In the example below there are tasks running on the management server, and we will treat the request as unsuccessful (we set the success variable to False even though the API call itself succeeded and returned code 200).

for task in task_result.data["tasks"]:
    if task["status"] == "failed" or task["status"] == "partially succeeded":
        task_result.set_success_status(False)
        break

response()

The response method lets you view a dictionary with the response code (status_code) and the response body (body).

In [94]: api_versions.response()                                                
Out[94]: 
{'status_code': 200,
 'data': {'current-version': '1.6',
  'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}

data

Lets you see only the response body (body) without unnecessary information.

In [93]: api_versions.data                                                      
Out[93]: 
{'current-version': '1.6',
 'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}

error_message

This information is available only when an error occurred while processing the API request (response code other than 200). Example output:

In [107]: api_versions.error_message                                            
Out[107]: 'code: generic_err_invalid_parameter_name\nmessage: Unrecognized parameter [1]\n'

Useful examples

The following examples use API calls that were added in Management API 1.6.

First, let's look at how the add-host and add-address-range calls work. Suppose we need to create all IP addresses of the subnet 192.168.0.0/24 whose last octet is 5 as objects of type host, and write all other IP addresses as objects of type address range. In doing so, exclude the subnet address and the broadcast address.

So, below is a script that solves this problem and creates 50 objects of type host and 51 objects of type address range. Solving the problem takes 101 API calls (not counting the final publish call). In addition, using the timeit module, we measure the time it takes to run the script up to the point where the changes are published.

Script using add-host and add-address-range

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

first_ip = 1
last_ip = 4

client_args = APIClientArgs(server="192.168.47.240")

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     for ip in range(5,255,5):
         add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
     while last_ip < 255:
         add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
         first_ip+=5
         last_ip+=5
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

In my lab environment, this script takes between 30 and 50 seconds to run, depending on the load on the management server.

Now let's see how to solve the same problem using the add-objects-batch API call, support for which was added in API version 1.6. This call lets you create many objects at once in a single API request. Moreover, these can be objects of different types (for example, hosts, subnets and address ranges). So our task can be solved within a single API call.

Script using add-objects-batch

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
    objects_list_ip.append(data)
    
first_ip = 1
last_ip = 4


while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}


with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

Running this script in my lab environment takes from 3 to 7 seconds, depending on the load on the management server. That is, on average, for 101 API objects, the batch call runs 10 times faster. With a larger number of objects the difference will be even more impressive.
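The same add-objects-batch payload built from the network itself, as an added example (not part of the original scripts): it uses the standard ipaddress module instead of hand-written octet counters, makes host objects from last octets that are multiples of the step as range(5,255,5) does above, and generalises the split to any step. The function name build_batch_payload is an assumption; the object names follow the h_ and r_ scheme used above.

```python
import ipaddress


def build_batch_payload(cidr, step=5):
    """Return an add-objects-batch payload for one IPv4 /24 network.

    Addresses whose last octet is a multiple of `step` become host objects;
    each run of addresses between two such hosts becomes one address-range
    object. The network and broadcast addresses are left out.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this example handles IPv4 /24 networks only")
    if step < 1:
        raise ValueError("step must be a positive integer")

    hosts, ranges = [], []
    run = []  # consecutive non-host addresses collected so far

    def flush():
        # Turn the collected run into one address-range object
        if run:
            first, last = run[0], run[-1]
            last_octet = str(last).rsplit(".", 1)[1]
            ranges.append({
                "name": "r_{}-{}".format(first, last_octet),
                "ip-address-first": str(first),
                "ip-address-last": str(last),
            })
            del run[:]

    for addr in net.hosts():  # hosts() already skips network and broadcast
        if (int(addr) & 0xFF) % step == 0:
            flush()
            hosts.append({"name": "h_{}".format(addr), "ip-address": str(addr)})
        else:
            run.append(addr)
    flush()

    return {"objects": [{"type": "host", "list": hosts},
                        {"type": "address-range", "list": ranges}]}


if __name__ == "__main__":
    payload = build_batch_payload("192.168.0.0/24")
    for group in payload["objects"]:
        print(group["type"], len(group["list"]))
```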

Now let's see how to work with set-objects-batch. Using this API call, we can change any parameter in bulk. Let's set the first half of the addresses from the previous example (hosts up to .124, and the ranges too) to the color sienna, and assign the color khaki to the second half of the addresses.

Changing the color of the objects created in the previous example

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []

for ip in range(5,125,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
    objects_list_ip_first.append(data)
    
for ip in range(125,255,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
    objects_list_ip_second.append(data)
    
first_ip = 1
last_ip = 4
while last_ip < 125:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
    objects_list_range_first.append(data)
    first_ip+=5
    last_ip+=5
    
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
    objects_list_range_second.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch_first  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_first
}, {
    "type" : "address-range",
    "list" : objects_list_range_first
  }]
}

data_for_batch_second  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_second
}, {
    "type" : "address-range",
    "list" : objects_list_range_second
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 
     set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
     set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
     publish = client.api_call("publish")

You can delete multiple objects in a single API call using delete-objects-batch. Now let's look at a code example that deletes all the hosts created earlier via add-objects-batch.

Deleting objects using delete-objects-batch

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}'}
    objects_list_ip.append(data)

first_ip = 1
last_ip = 4
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
     publish = client.api_call("publish")

print(delete_objects_batch.data)

All functionality that appears in new releases of Check Point software immediately gets API calls. For example, R80.40 introduced such "features" as Revert to revision and Smart Task, and the corresponding API calls were prepared for them right away. Moreover, all functionality that moves from the Legacy consoles to Unified Policy mode also gets API support. For example, a long-awaited update in software version R80.40 was the move of the HTTPS Inspection policy from Legacy mode to Unified Policy mode, and this functionality immediately received API calls. Here is an example of code that adds a rule at the top position of the HTTPS Inspection policy that excludes 3 categories from inspection (Health, Finance, Government Services), which are prohibited from inspection by law in a number of countries.

Adding a rule to the HTTPS Inspection policy

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

data = {
  "layer" : "Default Layer",
  "position" : "top",
  "name" : "Legal Requirements",
  "action": "bypass",
  "site-category": ["Health", "Government / Military", "Financial Services"]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_https_rule = client.api_call("add-https-rule", data)
     publish = client.api_call("publish")

Running Python scripts on the Check Point management server

The same README.md contains information on how to run Python scripts directly on the management server. This can be convenient when you cannot connect to the API server from another machine. I recorded a six-minute video in which I look at installing the cpapi module and the specifics of running Python scripts on the management server. As an example, a script is run that automates the configuration of a new gateway for a task such as a network audit, Security CheckUp. Among the peculiarities I had to deal with: the input function does not yet exist in Python 2.7, so the raw_input function is used to process the information the user enters. Otherwise, the code is the same as when launching from other machines, except that it is more convenient to use the login_as_root function, so as not to specify your own username, password and the IP address of the management server again.

Script for quick setup of Security CheckUp

from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs

def main():
    with APIClient() as client:
       # if client.check_fingerprint() is False:
       #     print("Could not get the server's fingerprint - Check connectivity with the server.")
       #     exit(1)
        login_res = client.login_as_root()

        if login_res.success is False:
            print("Login failed:\n{}".format(login_res.error_message))
            exit(1)

        gw_name = raw_input("Enter the gateway name:")
        gw_ip = raw_input("Enter the gateway IP address:")
        if sys.stdin.isatty():
            sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
        else:
            print("Attention! Your password will be shown on the screen!")
            sic = raw_input("Enter one-time password for the gateway(SIC): ")
        version = raw_input("Enter the gateway version(like RXX.YY):")
        add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
        if add_gw.success and add_gw.data['sic-state'] != "communicating":
            print("Secure connection with the gateway hasn't established!")
            exit(1)
        elif add_gw.success:
            print("The gateway was added successfully.")
            gw_uid = add_gw.data['uid']
            gw_name = add_gw.data['name']
        else:
            print("Failed to add the gateway - {}".format(add_gw.error_message))
            exit(1)

        change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
        if change_policy.success:
            print("The policy has been changed successfully")
        else:
            print("Failed to change the policy- {}".format(change_policy.error_message))
        change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
        if change_rule.success:
            print("The cleanup rule has been changed successfully")
        else:
            print("Failed to change the cleanup rule- {}".format(change_rule.error_message))

        # publish the result
        publish_res = client.api_call("publish", {})
        if publish_res.success:
            print("The changes were published successfully.")
        else:
            print("Failed to publish the changes - {}".format(publish_res.error_message))

        install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true',  "threat-prevention" : 'false', "targets" : gw_uid})
        if install_access_policy.success:
            print("The access policy has been installed")
        else:
            print("Failed to install access policy - {}".format(install_access_policy.error_message))

        install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false',  "threat-prevention" : 'true', "targets" : gw_uid})
        if install_tp_policy.success:
            print("The threat prevention policy has been installed")
        else:
            print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
        
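        # add passwords and passphrases to dictionary
        from pipes import quote  # shell quoting helper available in Python 2.7
        with open('additional_pass.conf') as f:
            line_num = 0
            for line in f:
                line_num += 1
                # quote() keeps the quotes and shell metacharacters of the line literal on the gateway
                add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf '%s' {} >> $FWDIR/conf/additional_pass.conf".format(quote(line)), "targets" : gw_name})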
                if add_password_dictionary.success:
                    print("The password dictionary line {} was added successfully".format(line_num))
                else:
                    print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))

main()

Example file with the password dictionary additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"] }
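Why each line needs shell quoting before it is placed in the run-script payload, as an added example rather than code from the original script: the same lines are appended once with the line pasted between double quotes and once as a shlex.quote argument to a fixed '%s' format, using a local sh and a temporary file in place of the gateway. The function names and sample lines are constructed for illustration; on the management server's Python 2.7 the equivalent of shlex.quote is pipes.quote.

```python
import os
import shlex
import subprocess
import tempfile

# Constructed sample lines in the style of additional_pass.conf
SAMPLE_LINES = [
    '{\n',
    '"passwords" : ["malware","infected"],\n',
    '"phrases" : ["password","it\'s 100% $HOME"] }\n',
]


def naive_append_command(line, target):
    """The pattern to avoid: the line is pasted between double quotes."""
    return 'printf "{}" >> {}'.format(line, target)


def quoted_append_command(line, target):
    """Pass the line as one quoted argument to a fixed '%s' format."""
    return "printf '%s' {} >> {}".format(shlex.quote(line), shlex.quote(target))


def roundtrip(lines, builder):
    """Run each generated command in a local sh; return what was written."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        for line in lines:
            # A command the shell cannot parse simply writes nothing
            subprocess.run(["sh", "-c", builder(line, path)],
                           stdout=subprocess.DEVNULL,
                           stderr=subprocess.DEVNULL)
        with open(path) as handle:
            return handle.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    expected = "".join(SAMPLE_LINES)
    for builder in (naive_append_command, quoted_append_command):
        written = roundtrip(SAMPLE_LINES, builder)
        print(builder.__name__, "intact" if written == expected else "corrupted")
        print(written)
```

With the double-quoted form the JSON quotes are consumed by the shell and the file on the target is no longer valid JSON; the quoted form writes the lines back byte for byte.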

Conclusion

This article examined only the basic capabilities of the Python SDK and the cpapi module (as you may have guessed, these are in fact synonyms), and by studying the code of this module you will discover even more possibilities for working with it. You may well want to extend it with your own classes, functions, methods and variables. You can always share your work and look at other scripts for Check Point in the CodeHub section of the CheckMates community, which brings together both product developers and users.

Happy coding and thanks for reading to the end!

Source: www.hab.com
